Executive Summary

Informations
Name CVE-2024-56648 First vendor Publication 2024-12-27
Vendor Cve Last vendor Modification 2025-01-06

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

net: hsr: avoid potential out-of-bound access in fill_frame_info()

syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one.

Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case.

BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]
BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724
fill_frame_info net/hsr/hsr_forward.c:709 [inline]
hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724
hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235
__netdev_start_xmit include/linux/netdevice.h:5002 [inline]
netdev_start_xmit include/linux/netdevice.h:5011 [inline]
xmit_one net/core/dev.c:3590 [inline]
dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606
__dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434
dev_queue_xmit include/linux/netdevice.h:3168 [inline]
packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3146 [inline]
packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:726
__sys_sendto+0x594/0x750 net/socket.c:2197
__do_sys_sendto net/socket.c:2204 [inline]
__se_sys_sendto net/socket.c:2200 [inline]
__x64_sys_sendto+0x125/0x1d0 net/socket.c:2200
x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
slab_post_alloc_hook mm/slub.c:4091 [inline]
slab_alloc_node mm/slub.c:4134 [inline]
kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587
__alloc_skb+0x363/0x7b0 net/core/skbuff.c:678
alloc_skb include/linux/skbuff.h:1323 [inline]
alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612
sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881
packet_alloc_skb net/packet/af_packet.c:2995 [inline]
packet_snd net/packet/af_packet.c:3089 [inline]
packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178
sock_sendmsg_nosec net/socket.c:711 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:726
__sys_sendto+0x594/0x750 net/socket.c:2197
__do_sys_sendto net/socket.c:2204 [inline]
__se_sys_sendto net/socket.c:2200 [inline]
__x64_sys_sendto+0x125/0x1d0 net/socket.c:2200
x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56648

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3701

Sources (Detail)

https://git.kernel.org/stable/c/3c215663b3e27a3b08cefcaea623ff54c70c8035
https://git.kernel.org/stable/c/6bb5c8ebc99f0671dbd3c9408ebaf935c3951186
https://git.kernel.org/stable/c/7ea527fbd7b94d0bee64a0a7e98279bcc654b322
https://git.kernel.org/stable/c/aa632691c722a123e47ccd05a3afdd5f87a36061
https://git.kernel.org/stable/c/b9653d19e556c6afd035602927a93d100a0d7644
https://git.kernel.org/stable/c/c6e778901d0055356c4fb223058364cae731494a
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Date Informations
2025-07-15 02:41:12
  • Multiple Updates
2025-07-14 12:38:29
  • Multiple Updates
2025-06-26 02:38:27
  • Multiple Updates
2025-06-25 12:36:30
  • Multiple Updates
2025-06-24 02:43:05
  • Multiple Updates
2025-05-27 02:48:30
  • Multiple Updates
2025-03-29 03:44:23
  • Multiple Updates
2025-03-28 13:47:40
  • Multiple Updates
2025-03-28 03:22:12
  • Multiple Updates
2025-03-19 03:17:02
  • Multiple Updates
2025-03-18 03:30:01
  • Multiple Updates
2025-03-14 03:17:09
  • Multiple Updates
2025-03-06 14:13:41
  • Multiple Updates
2025-02-22 03:27:13
  • Multiple Updates
2025-01-08 00:20:57
  • Multiple Updates
2025-01-07 03:08:11
  • Multiple Updates
2025-01-07 00:20:50
  • Multiple Updates
2024-12-27 21:20:28
  • First insertion